When working on a customer site recently, it was discovered that the root account on the vRealize Operations Manager 6.0 server had been locked out.
This is the process we used to unlock the root account.
Open up a console session to the VM
Press Alt + F1 and try to login as root
You can see by the screenshot above that someone has tried many unsuccessful attempts to access the root account and subsequently it has been locked by the operating system.
Reboot the virtual machine
On the bootloader screen, leave the normal option chosen to boot into, however in the boot options we want to append the following to the string
Now hit Enter, and the machine will now boot into a bash shell
If you feel that locking an account out after 3 failed attempts is a bit extreme, you can modify the settings.
Edit the file /etc/pam.d/common-auth
Find and change the value “deny=3” in the following lineMaybe change it to something like 5.
What we can also see in this file is that the root account is supposed to unlock itself automatically after 5 minutes. This is a handy piece of information to know. There is no need to restart anything after making changes the common-auth file, just save the changes and close the file.
Run the following command to unlock the root account
If it works, you should see something similar to the following screenshot.
If it fails and is complaining about not being able to create the file /var/log/tallylog run the following commands:
Now you should be able to run the command to unlock the root account:
All that’s left to do is reboot the virtual machine, and now you should be able to login with the root account. If all is well, you should see a screen like the following:
But in our case, we still couldn’t get in, and after a few attempts, it locked the root account again…aarrrgghhhh
It was looking more and more like the password we had for the root account wasn’t correct. So how do we fix it?
Once again, reboot the virtual machine again and edit the boot string like earlier on, and once it boots to the bash shell, we can then run command:
Which will prompt you to enter and confirm the new password. After that is completed, you can reboot the virtual machine.
Voila, now we know what the password is and we don’t keep locking the account (although now we know that it automatically unlocks itself after 5 minutes).
Whilst your on the console, now is a good time to enable SSH. To do so, you can start the service manually using the following command:
Starting the service manually will not persist after a reboot, so to configure SSH to start automatically, use the following command:
Now you should be able to SSH into your vROps machine using the root account.